8

So I have the lifetime of my sessions set to two weeks so users do not have to log in or out multiple times. However today I noticed something, if you log out it destroys your session but keeps the remember me cookie on your browser. This causes issues because if you switch accounts enough on the same computer 8-10 times you get a 400 bad request error because you are sending too much information. now 8-10 times in a normal lifetime of a cookie is kind of far fetched but when your lifetime is two weeks I have run into issues.

This is a screenshot of what is happening when logging in and out a few times back to back. enter image description here How can I delete the lifetime cookie when a user logs out? So far I have tried 

    Auth::logout();
    Session::flush();
CMOS
  • 2,727
  • 8
  • 47
  • 83

2 Answers2

4

It seems the cookie does not get unset automatically. However you can do this in your controller just before you return the redirect response after logout.

public function getLogout() {
    // your code here
    .....
    // Get remember_me cookie name
    $rememberMeCookie = Auth::getRecallerName();
    // Tell Laravel to forget this cookie
    $cookie = Cookie::forget($rememberMeCookie);

    return Redirect::to('/')->withCookie($cookie);
}

Just remember to return the cookie with the redirect, otherwise it won't work.

agm1984
  • 15,500
  • 6
  • 89
  • 113
Sh1d0w
  • 9,340
  • 3
  • 24
  • 35
  • This does seem like what is happening however even with copying your code directly it does not work. The user is logged out and I pass back the value in the redirect but I still have the same issue with multiple cookies piling up until I crash – CMOS May 27 '15 at 13:53
0

In my case, I needed to pass all parameters, not just name.

\Cookie::queue(\Cookie::forget('cookieName',null,'.yourdomain.com'));
Himanshu Saini
  • 702
  • 11
  • 25